Certain types of wireless communication networks, e.g., orthogonal frequency division multiplexed (“OFDM”) networks, are used to support cell-based high speed services such as those under certain standards such as the 3rd Generation Partnership Project (“3GPP”) and 3GPP2 evolutions, e.g., Long Term Evolution (“LTE”), the Ultra-Mobile Broadband (“UMB”) broadband wireless standard and the IEEE 802.16 standards. The IEEE 802.16 standards are often referred to as WiMAX or less commonly as WirelessMAN or the Air Interface Standard. Wireless communication networks, such as cellular networks, operate by sharing resources among the mobile terminals operating in the communication network. As part of the sharing process, base stations and wireless gateways support wireless communications in a cell or region with multiple mobile terminals.
Because radio resources are shared and finite, it is desirable to minimize the amount of unnecessary communication on the wireless radio network. Such unnecessary wireless communications can arise in wireless data communication environments where some third-party device transmits unsolicited packets intended to probe mobile terminals or otherwise disrupt communications with them. These undesired and unsolicited communications can take the form of transmission control protocol/internet protocol (“TCP/IP”) packets.
For example, “always on” data subscribers using mobile stations have active and dormant point-to-point protocol (“PPP”) sessions, or sessions similar in function based on other similar protocols. These PPP sessions are active when a mobile terminal sends data and stay active for a period of time, after which the PPP session goes dormant. These sessions are typically maintained in a dormant state so that subscribers' mobile terminals do not consume battery power and so that the wireless network does not consume unnecessary radio resources. When a mobile station receives data from network “push services,” in which data is automatically sent to the mobile station without a specific request packet so that the mobile station quickly has access to these services, the PPP session becomes active and stays active for a period of time. Examples of valid “push services” include carrier-supplied, enterprise-specific and subscriber-initiated push services.
Those wishing to attack the wireless networks are aware of this arrangement and transmit unsolicited packets, such as port scan packets, that wake up the dormant PPP sessions and consume radio resources. In addition, those wishing to gather information from a network may also transmit port scan packets or other packets, unaware that the terminating network is a mobile network, and this also wakes up dormant PPP sessions and consumes radio resources. A “port scan” is a method used by an attacker to determine what services are running on a device or network. When conducting a “port scan,” an attacker transmits requests on different TCP/IP logical ports and takes note of which ports respond in a certain way. TCP/IP logical ports typically map to applications, so an attacker who knows which applications are accessible can use this information to target its attacks. Accordingly, not only are port scans wasteful of radio resources, they are also potentially harmful to the mobile station.
Examples of such undesired and potentially disruptive communications are discussed with reference to the prior art system shown in FIG. 1. FIG. 1 shows a prior art system 10 in which a wireless gateway 12 is used to facilitate communications between mobile station 14 served by carrier wireless network 16, and remote device 18 on Internet 20. Wireless gateway 12 includes hardware and software known in the art to route data packets, such as TCP/IP packets, sent from remote device 18 to mobile station 14, and vice versa. In operation, wireless gateway 12 receives a data packet transmitted by remote device 18 over Internet 20 and passes the packet along to carrier wireless network 16 for transmission to mobile station 14. Examples of wireless gateway 12 include Gateway General Packet Radio Service Support Nodes (“GGSN”), a Packet Data Serving Node (“PDSN”) and an Access Gateway (“AGW”). A GGSN is a network node that works as a gateway between a General Packet Radio Service (“GPRS”) wireless data network and other networks such as a private network or the Internet. PDSNs are typically used between Internet 20 and cdma2000 and other code division multiple access (“CDMA”)-based carrier wireless networks 16. AGWs are used to provide access between Internet 20 and multi-service wireless networks, WiMax networks and wireless LANs.
Carrier wireless network 16 includes base stations (not shown), authentication, authorization and accounting (“AAA”) servers (not shown), and other devices known in the art to provide wireless communications from wireless gateway 12 to mobile station 14. Implementations of carrier wireless networks 16 include different components depending on the technology of the carrier wireless network, e.g., CDMA vs. global system for mobile (“GSM”) vs. universal mobile telephone system (“UMTS”) vs. WiMAX.
Mobile station 14 can be any mobile station known in the art that is capable of engaging in wireless data communications with gateway 12 via a supporting carrier wireless network 16. Such devices include, but are not limited to, mobile phones, portable computing devices, stationary computing devices equipped with wireless communication network interface hardware and software, smartphones, and personal digital assistants (“PDAs”). Mobile station 14 includes the software, firmware and hardware, such as a central processing unit, volatile and non-volatile storage, user interface, display and communication circuitry, to engage in wireless communications using carrier wireless network 16. Remote device 18 can be any computing device known in the art that is capable of transmitting and receiving a data packet, such as a TCP/IP packet, via Internet 20.
An example of the known, undesirable operation in which system 10 facilitates port scanning, wasting wireless network resources on carrier wireless network 16 and, as a result, battery and processing resources on mobile station 14, is described with reference to FIG. 2. In traditional and valid TCP connection establishment, a three-way handshake is used in which remote device 18 transmits a TCP SYN packet to mobile station 14. Mobile station 14 responds with a TCP SYN-ACK acknowledgement packet, to which remote device 18 responds with its own acknowledgement, often referred to as a TCP SYN-ACK-ACK packet. In such a case, gateway 12 merely passively passes packets between remote device 18 and mobile terminal 14 without regard to intent.
However, in a port scanning operation such as is shown in FIG. 2, merely passing packets between remote device 18 and mobile terminal 14 results in a waste of carrier wireless network 16 resources. Initially, remote device 18 transmits a TCP SYN packet destined for mobile station 14 (step S100). Gateway 12 receives the TCP SYN packet (step S100) and transmits the TCP SYN packet to mobile station 14 (step S102) via carrier wireless network 16. Not knowing that the TCP SYN packet is intended merely as a port scan, mobile station 14 awakens if it is dormant and transmits a TCP SYN packet back to gateway 12 (step S104). Having no knowledge of the port scanning intent, gateway 12 then transmits the TCP SYN packet to remote device 18 (step S106). With the malicious port scan complete, remote device 18 either does nothing further with respect to mobile station 14 and leaves the three-way handshake incomplete, or transmits a reset (“RST”) packet (step S108), which is received by gateway 12 and, in a further waste of carrier wireless network 16 resources, transmitted in turn to mobile station 14 (step S110). It is therefore desirable to have an arrangement under which port scanning can be blocked to prevent the unnecessary consumption of wireless network resources.
As another example, remote device 18 may not even attempt malicious communication under the veil of an aborted port scan. Remote device 18 may simply send an unsolicited packet that is not a session establishment packet, e.g., a TCP SYN packet. An example of such communication and its resultant waste of carrier wireless network 16 radio resources is explained with reference to FIG. 3. Initially, remote device 18 transmits a TCP, connectionless user datagram protocol (“UDP”) or other unsolicited data packet addressed to mobile station 14 (step S112). Gateway 12 receives this data packet and simply forwards it without analysis to mobile station 14 (step S114). Mobile station 14 receives the data packet and, because the packet is either not for a service supported by mobile station 14 or not based on a validly established connection and communication session, drops the packet (step S116). Under this arrangement, wireless radio resources are consumed unnecessarily due to the transmission of the packet from wireless gateway 12 to mobile station 14. Further, if mobile station 14 was dormant, it was unnecessarily awakened, thereby causing the wasteful consumption of battery power. It is therefore desirable to have an arrangement under which unsolicited packets are evaluated and dropped prior to transmission to mobile station 14.
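The following is an added illustration, not the patent's own design: a gateway that keeps a table of flows the mobile station opened over the uplink and drops any downlink packet that matches neither a known flow nor a carrier-registered push-service port, so the FIG. 2 scan SYN and the FIG. 3 unsolicited datagram never reach the air interface. The addresses, port numbers and the push-port rule are constructed assumptions for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flags as letters: "S", "SA", "A", "R"

class Gateway:
    """Tracks flows the mobile opened itself; drops other downlink traffic
    unless it targets a push-service port registered by the carrier."""
    def __init__(self, mobile_ip, push_ports=()):
        self.mobile_ip = mobile_ip
        self.push_ports = set(push_ports)   # constructed: carrier push ports
        self.flows = set()                  # flows initiated over the uplink
        self.dropped = []                   # packets stopped before the radio

    def _key(self, p):
        """Normalise to (proto, mobile addr, mobile port, remote addr, remote port)."""
        if p.src == self.mobile_ip:
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def from_mobile(self, p):
        """Uplink packet: the mobile solicited this flow, so remember it."""
        self.flows.add(self._key(p))
        return True

    def from_internet(self, p):
        """Downlink packet: forward only if solicited or a registered push port.
        A registered push port remains reachable by a scanner; only flows
        the mobile opened are protected by the table alone."""
        if self._key(p) in self.flows or p.dport in self.push_ports:
            return True
        self.dropped.append(p)
        return False

def simulate():
    """Replay FIG. 2 and FIG. 3 plus two legitimate cases; returns the forwarding decisions."""
    mobile, remote = "10.0.0.14", "203.0.113.18"   # constructed addresses
    gw = Gateway(mobile, push_ports={5223})          # constructed push port
    scan = gw.from_internet(Packet("tcp", remote, 40000, mobile, 22, "S"))   # FIG. 2 SYN
    udp = gw.from_internet(Packet("udp", remote, 40001, mobile, 9999))        # FIG. 3 datagram
    gw.from_mobile(Packet("tcp", mobile, 51000, remote, 443, "S"))            # mobile opens a flow
    reply = gw.from_internet(Packet("tcp", remote, 443, mobile, 51000, "SA")) # its SYN-ACK
    push = gw.from_internet(Packet("tcp", remote, 443, mobile, 5223, "S"))    # push service
    return scan, udp, reply, push, len(gw.dropped)
```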